Advice On Firewall

I noticed that the current firewall we use (SnapGear/McAfee 560) is EOL. I am curious as to what everyone recommends for firewalls?

We have a pretty basic setup with the SG560...Some rules to block/allow certain connections but that's about it.

I know it CAN do VPN and many other things but we just have not utilized it to its fullest.

Going forward, I want to know what would be the best solution for us. We are thinking of switching to a new firewall that would have tech support available. We are purchasing a new Dell server and they recommend SonicWall.

Can anyone give me advice on this? It would be nice to be able to VPN into our network as well as create rules for internet surfing (not sure if all/no firewalls have this feature).

The cheapest SonicWall on Dell's website (when configuring a new server) is the TZ 205. Would this be "easy" to set up like the SG560 is?

Not surprising that Dell would recommend SonicWall since they now own them :) With that said- we have several clients that use them and they are a great product. A little more expensive than average, but you get what you pay for. They are also not as complicated to set up as say, a Cisco, but it's not something you'll figure out unless you are familiar with routing. Their tech support is great- I've had to have them remote in to fix an issue for me before and they were quick and explained everything they were doing. They do, as is becoming more common, charge a yearly fee for support, updates, and any enhanced services you opt for such as antivirus, content filters, etc.

For clients not requiring the features (and not wanting the cost) of a SonicWall, we typically sell Netgear. On this I will advise to spend the extra money and get a business class model as the home stuff is typically junk. Setup of services and rules is simple and straight-forward but you are limited (at least on the models I've used) on the number of inbound connections you can have (I think around 15).

Both of these have models with VPN support via their own proprietary client software which we have used and they work well.

We primarily use Juniper SSG firewalls but we also have several SonicWall devices due to the great VPN. Both are easier to use than a Cisco or the Juniper SRX class. If VPN is important I recommend SonicWall.

I see there is a TZ 205 and a TZ 215...Looks like the specs are a little different...

Any reason to go with the 215 over the 205?

Can someone explain what a GVC VPN License is? It says it comes with 1 or 2 (depending on the model).

With the SG560 we could have as many users set up to connect into the VPN as we wanted. Is that the case with the SonicWall? Or do I have to purchase a GVC license for every user that will be connecting into the VPN?

The 205 and 215 have 500Mbps of "stateful" traffic and the same 40Mbps for UTM performance (which I am assuming is the same as VPN throughput). What kind of differences will I see in real life scenarios going from 160 to 500?

Before you select a SonicWall model, can you provide some details on what type of traffic will pass? How many users on the LAN? Do you host web sites, Exchange server, etc.? Anything else on the LAN that would generate significant traffic? This would help to determine if the TZ series is good for your site.

A GVC VPN is an IPsec client that requires you install it on the remote PC before it can connect via the VPN. You can purchase additional licenses beyond those included. The TZ205 includes 2 and has a maximum of 10. The TZ215 includes 2 and can go to a maximum of 25.

Both these models also include and support an SSLVPN. This does not use a client. The TZ205 includes 1 SSLVPN license and can go to a maximum of 10. The TZ215 includes 2 and can go to a maximum of 10.

For the difference of about $200 I would definitely suggest the TZ215 if you are limiting your choice to only those models.

The only thing our server does at the moment is our Exchange and then local file hosting. Our website is hosted on a different server outside of our network and maintained separately.

One thing that MUST work flawlessly would be VOIP phones...we are very strongly considering going to them in the next couple of months and need to make sure anything we implement will work down the road.

Our internet speed is 12-Down & 3-Up (I am willing to up the speed, I think our ISP can do 20X5). Again, I want to purchase hardware that will be viable a few years down the road...so it seems like I would need a stateful speed of at least 500Mbps right?

I would like to be able to VPN into our server from a remote location with as little latency as possible. I want it to feel like I am onsite when I am using the VPN service...Is our ISP speed good enough at 3Mbps upload speed? Is the GVC a better option than what we are using right now? (Our current Snapgear can do PPTP, L2TP, IPsec...None of them are set up though).

This is all MSRP pricing and are one time purchases...through distro you can get better I'm sure. These are then added to the VPN count the device already comes with.

I prefer to use SSL-VPN, they are clientless but if you want to run the client they are super simple to deploy. In fact pretty much touch-less as far as management goes. Once you set up the Virtual Office even if you have nothing running through it, once they get to the page it auto installs and then they enter credentials and poof...connected!

That sounds like what I want to do. Now when you say clientless...does that just mean you do not need to install software in order to make it work? I still need "client" licenses right? If I want to VPN on my laptop (from down the street at Starbucks), the manager wants to VPN from home, and the owner wants to VPN from a different city? That would be 3 concurrent VPN connections. I would need 3 "client licenses" right? What if I needed 3 people to have a VPN connection but only 2 of them would be on at any one time?

If I have 3 people (with 3 different computers) that will need access at some point (but never all 3 at the same time) do I still need to purchase 3 SSL VPN licenses? Or can I have 2 licenses that 3 people use (just not all 3 at the same time)?

Correct, that is what concurrent licensing means...it's using the licenses at the same time. So with one license, if you are on the SSL-VPN and someone else tries to get on then they will be denied due to not having enough licenses.
